From: Greg KH <gregkh@linuxfoundation.org>
To: Jianmin Wang <jianmin@iscas.ac.cn>
Cc: davem@davemloft.net, dzickus@redhat.com,
herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org,
netdev@vger.kernel.org, omosnace@redhat.com, smueller@chronox.de,
stable@vger.kernel.org, steffen.klassert@secunet.com
Subject: Re: Re: [PATCH] backports: crypto user - make NETLINK_CRYPTO work
Date: Fri, 9 Apr 2021 08:36:07 +0200 [thread overview]
Message-ID: <YG/11xcauoPY0sn+@kroah.com> (raw)
In-Reply-To: <20210408191148.51259-1-jianmin@iscas.ac.cn>
On Thu, Apr 08, 2021 at 07:11:48PM +0000, Jianmin Wang wrote:
> On Mon, Apr 05, 2021 at 16:14 UTC, Greg KH wrote:
> > On Mon, Apr 05, 2021 at 01:55:15PM +0000, Jianmin Wang wrote:
> > > There is same problem found in linux 4.19.y as upstream commit. The
> > > changes of crypto_user_* and cryptouser.h files from upstream patch are merged into
> > > crypto/crypto_user.c for backporting.
> > >
> > > Upstream commit:
> > > commit 91b05a7e7d8033a90a64f5fc0e3808db423e420a
> > > Author: Ondrej Mosnacek <omosnace@redhat.com>
> > > Date: Tue, 9 Jul 2019 13:11:24 +0200
> > >
> > > Currently, NETLINK_CRYPTO works only in the init network namespace. It
> > > doesn't make much sense to cut it out of the other network namespaces,
> > > so do the minor plumbing work necessary to make it work in any network
> > > namespace. Code inspired by net/core/sock_diag.c.
> > >
> > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> > > Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
> > >
> > > Signed-off-by: Jianmin Wang <jianmin@iscas.ac.cn>
> > > ---
> > > crypto/crypto_user.c | 37 +++++++++++++++++++++++++------------
> > > include/net/net_namespace.h | 3 +++
> > > 2 files changed, 28 insertions(+), 12 deletions(-)
> >
> > How does this change fit with the stable kernel rules? It looks to be a
> > new feature, if you need this, why not just use a newer kernel version?
> > What is preventing you from doing that?
> >
>
> This problem was found when we deployed new services on our container cluster,
> while the new services need to invoke libkcapi in the container environment.
>
> We have verified that the problem doesn't exist on newer kernel version.
> However, due to many services and the cluster running on many server machines
> whose host os are long-term linux distribution with linux 4.19 kernel, it will
> cost too much to migrate them to newer os with newer kernel version. This is
> why we need to fix the problem on linux 4.19.
But this is not a regression, but rather a "resolve an issue that has
never worked for new hardware", right?
And for that, moving to a new kernel seems like a wise thing to do to
me because we do not like backporting new features. Distro kernel are
of course, free to do that if they wish.
thanks,
greg k-h
next prev parent reply other threads:[~2021-04-09 6:36 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-09 11:11 [PATCH] crypto: user - make NETLINK_CRYPTO work inside netns Ondrej Mosnacek
2019-07-09 14:38 ` Herbert Xu
2019-07-09 15:28 ` Ondrej Mosnacek
2019-07-09 16:14 ` Herbert Xu
2019-07-26 12:32 ` Herbert Xu
2021-04-05 13:55 ` [PATCH] backports: crypto " Jianmin Wang
2021-04-05 16:14 ` Greg KH
2021-04-08 19:11 ` Re: [PATCH] backports: crypto user - make NETLINK_CRYPTO work Jianmin Wang
2021-04-09 6:36 ` Greg KH [this message]
2021-04-09 13:14 ` Jianmin Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YG/11xcauoPY0sn+@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=dzickus@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=jianmin@iscas.ac.cn \
--cc=linux-crypto@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=omosnace@redhat.com \
--cc=smueller@chronox.de \
--cc=stable@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).